Total
6337 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5733 | 1 Japanese Php Gallery Hosting | 1 Japanese Php Gallery Hosting | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0558 | 1 Microsoft | 6 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Excel and 3 more | 2026-04-23 | N/A |
| Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability." | ||||
| CVE-2007-2900 | 1 Scallywag.org | 1 Scallywag | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/. | ||||
| CVE-2008-5793 | 2 Joomla, Recly | 2 Joomla, Clickheat-heatmap | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php. | ||||
| CVE-2009-3362 | 1 Sznews | 1 Sznews | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in printnews.php3 in SZNews 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | ||||
| CVE-2007-4038 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-23 | N/A |
| Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | ||||
| CVE-2009-3365 | 1 Traza | 1 Aurora | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter. | ||||
| CVE-2009-2519 | 1 Microsoft | 3 Windows 2000, Windows Server 2003, Windows Xp | 2026-04-23 | N/A |
| The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability." | ||||
| CVE-2007-5663 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-23 | N/A |
| Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. | ||||
| CVE-2006-5220 | 1 Objective Development | 1 Webyep | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.php, (b) WYDocument.php, (c) WYEditor.php, (d) WYElement.php, (e) WYFile.php, (f) WYHTMLTag.php, (g) WYImage.php, (h) WYLanguage.php, (i) WYLink.php, (j) WYPath.php, (k) WYPopupWindowLink.php, (l) WYSelectMenu.php, and (m) WYTextArea.php; (2) files in the programm/elements/ directory including (n) WYGalleryElement.php, (o) WYGuestbookElement.php, (p) WYImageElement.php, (q) WYLogonButtonElement.php, (r) WYLongTextElement.php, (s) WYLoopElement.php, (t) WYMenuElement.php, and (u) WYShortTextElement.php; and (3) programm/webyep.php. | ||||
| CVE-2009-2497 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2026-04-23 | N/A |
| The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability." | ||||
| CVE-2008-4798 | 1 Webgui | 1 Webgui | 2026-04-23 | N/A |
| The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL. | ||||
| CVE-2008-6937 | 1 Jabber | 1 Exodus | 2026-04-23 | N/A |
| Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-5314 | 1 Xkiosk | 1 Xkiosk Web | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter. | ||||
| CVE-2009-0225 | 1 Microsoft | 1 Office Powerpoint | 2026-04-23 | N/A |
| Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability." | ||||
| CVE-2007-0986 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter. | ||||
| CVE-2009-3464 | 1 Adobe | 1 Shockwave Player | 2026-04-23 | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6748 | 1 Newxooper | 1 Newxooper | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3465 | 1 Adobe | 1 Shockwave Player | 2026-04-23 | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-0083 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-23 | N/A |
| The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. | ||||